When adding a new user in the admin, strip slashes from the password sent to the user by email. props hakre for initial patch. fixes #17018.
git-svn-id: http://core.svn.wordpress.org/trunk@23634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
aa842e13b1
commit
831afad92c
|
@ -44,9 +44,9 @@ function edit_user( $user_id = 0 ) {
|
|||
|
||||
$pass1 = $pass2 = '';
|
||||
if ( isset( $_POST['pass1'] ))
|
||||
$pass1 = $_POST['pass1'];
|
||||
$pass1 = wp_unslash( $_POST['pass1'] );
|
||||
if ( isset( $_POST['pass2'] ))
|
||||
$pass2 = $_POST['pass2'];
|
||||
$pass2 = wp_unslash( $_POST['pass2'] );
|
||||
|
||||
if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
|
||||
$new_role = sanitize_text_field( $_POST['role'] );
|
||||
|
@ -106,10 +106,10 @@ function edit_user( $user_id = 0 ) {
|
|||
|
||||
/* checking that username has been typed */
|
||||
if ( $user->user_login == '' )
|
||||
$errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ));
|
||||
$errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );
|
||||
|
||||
/* checking the password has been typed twice */
|
||||
do_action_ref_array( 'check_passwords', array ( $user->user_login, & $pass1, & $pass2 ));
|
||||
do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );
|
||||
|
||||
if ( $update ) {
|
||||
if ( empty($pass1) && !empty($pass2) )
|
||||
|
@ -150,7 +150,7 @@ function edit_user( $user_id = 0 ) {
|
|||
}
|
||||
|
||||
// Allow plugins to return their own errors.
|
||||
do_action_ref_array('user_profile_update_errors', array ( &$errors, $update, &$user ) );
|
||||
do_action_ref_array( 'user_profile_update_errors', array( &$errors, $update, &$user ) );
|
||||
|
||||
if ( $errors->get_error_codes() )
|
||||
return $errors;
|
||||
|
@ -159,7 +159,7 @@ function edit_user( $user_id = 0 ) {
|
|||
$user_id = wp_update_user( $user );
|
||||
} else {
|
||||
$user_id = wp_insert_user( $user );
|
||||
wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' );
|
||||
wp_new_user_notification( $user_id, isset( $_POST['send_password'] ) ? $pass1 : '' );
|
||||
}
|
||||
return $user_id;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue